Bugtraq mailing list archives
Re: TCP Timestamping and Remotely gathering uptime information
From: Matt Lewis <barkode-bugtraq () NINJAS ORG>
Date: Fri, 16 Mar 2001 12:04:03 -0800
Darren Reed said:
Why do you think all timestamps should not reveal uptime information ?
Well, not to speak on Bret's behalf per se, but personally, I've seen plenty of software (the quality of which may be in question) that uses uptime (or clock-ticks-since-boot, whatever) for a variety of things, albeit ususally trivial. However, take for example a weak IP stack that uses this data to do ISN generation for tcp sessions, for instance a trivial time dependency that takes the uptime of a machine and uses it to compute a poorly-generated psuedo-random number for use as an ISN. Not to say this is actually the case, but there's definitely software in userland that this could affect. To generalize, if someone knew that a particular application they were attempting to attack used the uptime of the machine as a seed to generate some sort of serial, tracking, or sequencing number, or a temp-file-naming-scheme, etc, it may not be the straw that breaks the camel's back, but it certainly may help the attacker. Of course, you're asking for it if you're using uptime as a seed for anything you want to call a decent PRNG. -Matt
Current thread:
- Re: TCP Timestamping and Remotely gathering uptime information, (continued)
- Re: TCP Timestamping and Remotely gathering uptime information Darren Reed (Mar 16)
- Re: TCP Timestamping and Remotely gathering uptime information Valdis Kletnieks (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Saint skullY the Dazed (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information arivanov (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Stephen White (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information bert hubert (Mar 20)
- Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Darren Reed (Mar 20)
- Re: Remote fingerprinting/uptime (was Re: TCP Timestamping ...) Jason R Thorpe (Mar 22)
- Re: TCP Timestamping and Remotely gathering uptime information Darren Reed (Mar 16)
- Re: TCP Timestamping and Remotely gathering uptime information Chris Tobkin (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Ted U (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Matt Lewis (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information Theo de Raadt (Mar 20)
- Re: TCP Timestamping and Remotely gathering uptime information Darren Reed (Mar 19)
- Re: TCP Timestamping and Remotely gathering uptime information van der Kooij, Hugo (Mar 20)